Practicing Good Form

In the beginning there was “mailto:”, and it was good (or at least functional, up to a point). Then Matt Wright gave us the Perl script we all know as FormMail for collecting and validating user input.

FormMail was initially touted as a feature-rich, fully functional send-mail script that would (and did) change the way websites collected form data and passed it to the site admins, without falling back on the all-too-familiar “mailto:” link, which leaves the visitor to type the details into their own mail client.

Unfortunately for the developer, FormMail’s security holes never went away. The script takes its recipient address from a hidden field in the form, so anyone who can POST to it can use the server to deliver mail to addresses of their own choosing. That created a need for something safer against the spam-monkeys who used such scripts to send adult-themed solicitations, forged to look as if they came from eBay or Amazon.com so they would slip past spam filters.

There are several options for dealing with the nuisance FormMail presents: Perl, PHP and Java scripts have all been designed around this issue.

My personal favorite is SouperMail by Vittal Aithal. SouperMail is a free, generic and highly configurable form-to-email CGI script. It is written in Perl and runs on UNIX- and Windows NT-based web servers.

In addition to the obligatory functions that FormMail supplied, SouperMail lets us do far more than simply collect and transmit data. It can send a form to more than one email address at once, copy the form contents to the form’s sender, set and display cookies using templates, return any MIME type to the browser (XML, for instance) and much more.

The security hole described above is closed by a set of configuration files, kept on the server and separate from the form itself, that determine which email addresses a given form may be sent to. The form can only name a configuration; it cannot supply an address of its own. That makes it next to impossible to push unsolicited mail through the script, because only the addresses in the hidden configuration file(s) can ever receive a submission. As with any program there are ways around the protection, but the time it would take is, for most attackers, better spent finding easier prey running a less secure form-mail script than cracking a server running SouperMail. It is analogous to the blinking red light on the dashboard of a car with an alarm.
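The two designs contrasted above (the FormMail-style hidden recipient field, and the SouperMail-style server-side configuration) side by side, as an added example that is not code from either project. It is written in Python rather than Perl purely for illustration; the POST bodies, the config names and the addresses are all constructed for the demonstration, and the in-memory dictionary stands in for SouperMail’s per-form configuration files.

```python
"""Recipient control in form-to-mail scripts.

Added illustration (not FormMail's or SouperMail's code): the vulnerable
pattern that trusts a 'recipient' field sent by the client, beside the
hardened pattern where the form may only name a server-side configuration.
All inputs below are constructed for the example.
"""
import re
from urllib.parse import parse_qs

# Constructed stand-in for the per-form config files kept on the server.
# The client can name one of these; it can never add or change an address.
SERVER_SIDE_CONFIGS = {
    "contact": {"to": ["webmaster@example.org"], "subject": "Contact form"},
    "sales": {"to": ["sales@example.org", "cc-sales@example.org"],
              "subject": "Sales enquiry"},
}

# Config names are looked up as files in the real thing, so reject anything
# that is not a plain identifier (no slashes, dots, or empty names).
CONFIG_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")

# Constructed spam submission: the sender smuggles their own recipients in
# the hidden field and also names a legitimate config to look harmless.
SPAM_POST = ("recipient=victim1%40example.net%2Cvictim2%40example.net"
             "&config=contact&subject=Special+offer&message=buy+now")

# Constructed probe: a config "name" that tries to walk the filesystem.
TRAVERSAL_POST = "config=..%2F..%2Fetc%2Fpasswd&message=x"


def parse_form(body: str) -> dict:
    """Flatten a URL-encoded POST body into {field: last value}."""
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}


def formmail_style(fields: dict) -> dict:
    """Vulnerable pattern: whoever submits the form chooses the destination.

    Anyone who can POST to the script can therefore use the web server as a
    mail relay for any address list they like.
    """
    to = [a.strip() for a in fields.get("recipient", "").split(",") if a.strip()]
    return {"to": to,
            "subject": fields.get("subject", "WWW Form Submission"),
            "body": fields.get("message", "")}


def soupermail_style(fields: dict, configs=SERVER_SIDE_CONFIGS) -> dict:
    """Hardened pattern: the form names a config; addresses live server-side."""
    name = fields.get("config", "")
    if not CONFIG_NAME_RE.match(name):
        raise ValueError("bad config name: %r" % name)
    cfg = configs.get(name)
    if cfg is None:
        raise ValueError("unknown config: %r" % name)
    # Any 'recipient' field the client sent is simply never consulted.
    return {"to": list(cfg["to"]), "subject": cfg["subject"],
            "body": fields.get("message", "")}


def relay_attempt_blocked(body: str, configs=SERVER_SIDE_CONFIGS) -> bool:
    """True if the hardened handler refuses the submission outright."""
    try:
        soupermail_style(parse_form(body), configs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    fields = parse_form(SPAM_POST)
    print("FormMail-style delivers to:  ", formmail_style(fields)["to"])
    print("SouperMail-style delivers to:", soupermail_style(fields)["to"])
    print("traversal probe blocked:     ", relay_attempt_blocked(TRAVERSAL_POST))
```

The point to take from the two handlers is not the regex but where the address comes from: in the hardened version the submitter’s `recipient` field is never read at all, so there is nothing to filter or bypass. The name check matters only because the configuration is a file on disk in the real script, and a client-supplied name must not be allowed to reach other files.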

SouperMail in-and-of itself has become a spammer-deterrent.

In fairness to die-hard FormMail fans, version 1.91 did address a large portion of the security issues present in earlier versions, adding a server-side list of permitted recipients. The overall architecture is unchanged, though: the address still arrives in the form and is merely checked against that list, which keeps the script vulnerable to moderately determined wannabes with a few minutes to spare.

I think you will find SouperMail™ easy to integrate in place of your existing script, and the accompanying documentation will allow even the layperson to implement it with ease.
